Seen on NJCCIC, a summary of a breach noted by them on December 10: A hacked database belonging to Fax Express, an office equipment supply store based in Ocean County, NJ was exposed, revealing approximately 560,000 compromised usernames and dehashed passwords. The breached database is connected to the domain shredderstoo[.]com and is assessed to be owned…
Category: Exposure
Tech unicorn UiPath discloses data breach
Catalin Cimpanu reports: Tech unicorn UiPath, a startup that makes robotics automation software, is currently emailing users about a security incident that exposed their personal information online. “On December 1, 2020, UiPath became aware of an incident that resulted in unauthorized disclosure of a file containing limited personal information about users of UiPath Academy,” the…
Norwegian DPA imposes administrative fine to Østfold HF Hospital
From EDPB on November 25: The Norwegian Data Protection Authority has decided on an administrative fee of NOK 750,000 to Østfold HF Hospital. The background is that in the period 2013-2019, the hospital stored report extracts from patient records outside the safe zone. The case started with a notice of personal data breach from the…
GE puts default password in radiology devices, leaving healthcare networks exposed
Dan Goodin reports: Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday. The devices—used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography—use a…
Sensitive details of of 7 million Indian cardholders available on dark web
Advait Palepu reports: Sensitive details belonging to 7 million debit and credit cardholders are available on a public Google Drive document that has been circulating on the dark web. The document was discovered by cybersecurity researcher Rajshekhar Rajaharia who reached out MediaNama stating that names of cardholders along with employers’ name, income levels, phone numbers, email addresses,…
Flight Centre hackathon behind 2017 breach, exposed 6918 customers’ data
Ry Crozier reports: A 2017 data breach at Flight Centre occurred when passport and credit card numbers for 6918 customers were accidentally left in a dataset used by the participants of a hackathon. Details of the breach are revealed in a determination by the Australian Information Commissioner and Privacy Commissioner Angelene Falk that Flight Centre breached Australian…